Am having an isolated case where a single comp stopped browsing but nslookup works fine. I have enabled masquerading on the subnet which the comp belongs. What could be the issue?
Unreachable proxy server configured on the client?
I have not configured any proxy server.
this is what i get when fetching gmail
wget gmail.com
–2010-05-13 00:21:11-- http://gmail.com/
Resolving gmail.com… 209.85.227.17, 209.85.227.83, 209.85.227.18, …
Connecting to gmail.com|209.85.227.17|:80… failed: Connection timed out.
Connecting to gmail.com|209.85.227.83|:80..
Firewall blocking things?
It’s all just wild guessing until you post your relevant configuration. /ip route, /ip address, /ip firewall filter, /ip firewall nat at minimum.
Here are firewall rules.
/ip route> print detail
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
0 ADS dst-address=0.0.0.0/0 gateway=41.212.11.1 interface=ether1-wan gateway-state=reachable distance=0 scope=30 target-scope=10
1 ADC dst-address=41.212.11.0/24 pref-src=41.212.11.158 interface=ether1-wan distance=0 scope=10
2 ADC dst-address=192.168.1.0/24 pref-src=192.168.1.1 interface=ether3-syokimau distance=0 scope=10
3 ADC dst-address=192.168.8.0/21 pref-src=192.168.8.1 interface=ether4-eastleigh distance=0 scope=10
4 ADr dst-address=192.168.10.0/24 gateway=192.168.1.25 interface=ether3-syokimau gateway-state=reachable distance=120 scope=20 target-scope=10 route-tag=0
5 ADC dst-address=192.168.16.0/21 pref-src=192.168.16.1 interface=ether3-syokimau distance=0 scope=10
/ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; management network
address=192.168.1.1/24 network=192.168.1.0 broadcast=192.168.1.255 interface=ether3-syokimau actual-interface=ether3-syokimau
1 ;;; hotspot network
address=192.168.8.1/21 network=192.168.8.0 broadcast=192.168.15.255 interface=ether4-eastleigh actual-interface=ether4-eastleigh
2 address=192.168.200.1/24 network=192.168.200.0 broadcast=192.168.200.255 interface=ether5-kikuyu actual-interface=ether5-kikuyu
3 address=192.168.100.1/24 network=192.168.100.0 broadcast=192.168.100.255 interface=ether2 actual-interface=ether2
4 address=192.168.16.1/21 network=192.168.16.0 broadcast=192.168.23.255 interface=ether3-syokimau actual-interface=ether3-syokimau
5 D address=41.212.11.158/24 network=41.212.11.0 broadcast=41.212.11.255 interface=ether1-wan actual-interface=ether1-wan
6 ADC dst-address=192.168.100.0/24 pref-src=192.168.100.1 interface=ether2 distance=0 scope=200
7 ADC dst-address=192.168.200.0/24 pref-src=192.168.200.1 interface=ether5-kikuyu distance=0 scope=10
/ip firewall filter print detail
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
/ip firewall nat print detail
Flags: X - disabled, I - invalid, D - dynamic
0 X ;;; place hotspot rules here
chain=unused-hs-chain action=passthrough
1 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.16.0/21
2 ;;; masquerade hotspot network
chain=srcnat action=masquerade src-address=192.168.8.0/21
3 X chain=dstnat action=accept protocol=tcp dst-address-type=local in-interface=ether1-wan dst-port=8291
4 ;;; server forwarding
chain=dstnat action=dst-nat to-addresses=192.168.1.159 protocol=tcp dst-address-type=local in-interface=ether1-wan dst-port=!8291
5 chain=srcnat action=src-nat to-ports=0-65535 protocol=tcp src-address=192.168.1.159 out-interface=ether1-wan
6 ;;; udp forwarding to server
chain=dstnat action=dst-nat to-addresses=192.168.1.159 protocol=udp dst-address-type=local in-interface=ether1-wan
7 chain=srcnat action=masquerade src-address=192.168.200.0/24 out-interface=ether1-wan
8 chain=srcnat action=masquerade src-address=192.168.100.0/24 out-interface=ether1-wan
9 chain=srcnat action=masquerade src-address=192.168.1.0/24 out-interface=ether1-wan